Content

Microsoft Blocks SHA-1 Certificates in IE and Edge

By Marcos Colon

In case you didn’t notice during May’s Patch Tuesday release, Microsoft has banned SHA-1 certificates in Internet Explorer and Edge.

Browsers will now flag SSL/TLS certificates that leverage the dated cryptographic hash function as insecure.

This marks yet another step toward phasing out the use of the SHA-1 certificates – which date back to 1995 – that many browser vendors believe do not provide enough security, according to a report by CSO Online.

“This change will only impact SHA-1 certificates that chain to a root in the Microsoft Trusted Root Program where the end-entity certificate or the issuing intermediate uses SHA-1,” Microsoft said in its security bulletin.

Although enterprise or self-signed SHA-1 certificates aren’t impacted, the company goes on to recommend that customers “quickly migrate to SHA-2 based certificates.” 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds